On 27/12/17 12:58, Jeremy Harris wrote:
> On 27/12/17 12:39, Sebastian Arcus via Exim-users wrote:
>> processing "drop"
>> 5976 message: Reverse DNS record incorrect or missing
>> 5976 check !condition = ${if eq{$received_port}{587}}
>> 5976 =
>> 5976 check !verify = reverse_host_lookup
>> 5976 looking up host name to force name/address consistency check
>> 5976 drop: condition test deferred in ACL "acl_check_connect"
>> 5976 LOG: connection_reject MAIN REJECT
>> 5976 H=[196.207.181.208]:57629 I=[192.168.15.2]:25 temporarily
>> rejected connection in "connect" ACL: host lookup deferred for reverse
>> lookup check
>> 5888 child 5976 ended: status=0x0
>> 5888 normal exit, 0
>>
>>
>> </snip>
>>
>> I'm not quite following the above - does it mean that the reverse dns
>> lookup fails somewhere,
>
> That's how I read it. Add more debug classes to that cmdline option
> for more info - I expect there's a dns-specfic one.
>
> Docs are at
> http://exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html#SECID39
>
>
> You could also look into options on the verify= ACL condition,
> if it does turn out to be a DNS issue. See the ACL chapter.
Ok - no sooner did I send my last email to the list, that a series of
spurious connections attempts started on another email server I
administer. I have below the log extract with exim -bd
-d-all+resolver+dns+verify
</snip>
18213 drop: condition test failed in ACL "acl_check_connect"
18213 processing "drop"
18213 message: Reverse DNS record incorrect or missing
18213 check !condition = ${if eq{$received_port}{587}}
18213 =
18213 check !verify = reverse_host_lookup
18213 looking up host name to force name/address consistency check
18213 looking up host name for 182.48.94.184
18213 DNS lookup of 184.94.48.182.in-addr.arpa-PTR: using cached value
DNS_AGAIN
18213 IP address PTR lookup gave temporary error
18213 drop: condition test deferred in ACL "acl_check_connect"
18213 SMTP>> 451 Temporary local problem - please try later
18213 LOG: connection_reject MAIN REJECT
18213 H=[182.48.94.184]:52523 I=[192.168.60.2]:25 temporarily rejected
connection in "connect" ACL: host lookup deferred for reverse lookup check
18213 search_tidyup called
18141 child 18213 ended: status=0x0
18141 normal exit, 0
</snip>
I didn't think a PTR lookup should get a defer? If I look it up on the
command line:
# host 182.48.94.184
Host 184.94.48.182.in-addr.arpa not found: 2(SERVFAIL)
I tried the PTR lookup from another machine, on a completely different
network and DNS server, and I get the same SERVFAIL - so I can only
suppose it is not my DNS setup or server.
I've just spotted another issue, but I'll post a separate message to the
list, to try and keep things tidy
